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Apparatus and method for conveying private information witiiln a 
group communication system 

Technical Held of Ihe invention 

The present invention relates to an apparatus and melhod for conveying private in- 
formation within an established group communication. More in detail, the invention 
relates to communication between two parties within an established IP-multicast 
group where the group involves more than two participants. 

Background of the Invention 

Media information can be distributed within a communicating group of users by 
means of so-called IP-multicast transmission. This multicast transmission technique 
relies on the principle that the information is transmitted to a multicast group and 
further copied in the network to participating parties who require a copy of the in- 
formation. 

Public information in a network of the above kmd is distributed within the gioiip of 
users by IP-multicast in the form of streamed media. However, there may be a need 
for distribution information of particular interest to only a sub-part of participating 
users, and distribute private messages exclusively within tibat sub-part of the partici- 
pating group. According to prior art technology, in such a case a special communi- 
cation channel is established between the sub-group members in parallel with the 
public multicast commimication channel. However, network constraints, such as 
firewalls or other access limiting security arrangements rosy impede or even pre- 
clude transmission of non-multicast communication from reaching the intended re- 
cipient This is a drawback associated with prior art, which limits the deployment of 
applications for group communication. Today, tiie trend in society is that measures 
are taken in the direction of enhanced security, and the security ccmsciousness 



among users and network administrators has increased Therefore the need for an 
arrangement enabling communication, while shnultaneously rejecting network 
constraints and limitations, such as firewalls and other security measures, has be- 
come even greater than before. 

Summary of the Invention 

It is &erefote an object of the present invention to alleviate the previously men- 
tioned shortcomings of prior art associated with group communication services* This 
is accomplished by an apparatus and method for distribution of a streamed signal 
within a group of users in a conq>uter network, the users accessing client terminals 
for participation in a multicast session, Ihe apparatus comprisin^^ 

connecting links adapted to connect Ihe client terminals of users and 
related equipment such as capturing means, to the multicast session, preferably via 
the Internet or other interconnecting network, 

an extension header being added to data packets of the streamed signal, 
the extension header comprising identification data relating to the intended recipient 
of a packet, 
characterised in that 

a filtering means associated with the receiving client adapted to filter 
out data packets having the address of the recipient and receiving the streamed sig- 
nal. 

Only one copy of the information is transmitted fix>m the sender independendy of 
the amount of receivers. Within a multicast group, as previously desCTibed, there 
may be a need for transmitting private or confidential information exclusively 
within only a subpart of the group, usually transmission one to one. By means of ad^ 
ditional encryption, there is a fiuther possibility of making also strictly confidential 
information which is distributed accessible to only intended recipients. This could 
be critical information not to be disclosed to all parties in a business negotiation. 
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keys and solutions to problems during an electronic educational meeting, individual 
tuition during an electronic meeting being part of distance learnings foreign affairs 
or political relations, etc. 

S The present invention, which provides a solution to the mentioned distribution and 
confidratiality problem is advantageous in many irays. The previous need for es- 
tablishing a dedicated imicast connection in parallel with tibie existing multicast con-- 
nection is no longer necessary. Communication of non-public interest, possibly of 
private or sensitive nature, may be executed during a public session. The advantage 
10 of the invention is hence the ability to reuse the existing communications channel 
while maintaining the confidentiality if tins is desirable. 

Due to network constraint it is desirable to send also this infonnation using IP- 
multicast even though it will reach non-interested receivers. These network con- 
1 S straints include for sample firewalls and other corresponding security arrangements 
where the receiver might only have IP-multicast access or only access to a portal, 
i.e. a so-called reflector. 



Brief description of the dravrings 

20 

The features, objects, and further advantages of Ibis invention will become appeieat 
by reading this description in conjunction with the accompanying drawings, in 
which like reference numerals refer to like elements and in which: 

25 Fig 1 illustrates a schematic overview of the apparatus for distribution of a streamed 
signal within a group of users according to the present invention. 

Fig 2 is a signalling chart representing the content of a header added to distributed 
data packets according to the present invention. 
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Detailed description 



The following description is of the best mode presently contemplated for practising 
the invention. The description is not to be taken in a limiting sense, but is made 
merely for the purpose of describing the general principles of the invention. The 
scope of the invention should be ascertained with reference to the issued claims. 

Accoiding to the present invention, the Internet is used as a means for distribution 
of streamed media. Use of the Internet is the optimal solution as long as it provides a 
reliable connection having sufiGciaat transmission rales, without network congestion 
problems. The invention does not lead to undesired overioad witinn the compater 
networks with unnecessary amounts of raw data, and liie raw data can be com- 
pressed to require even less transmission capacity. The amount of data distributed 
through the network is reduced, since the data stream sent as a copy firom one client 
texminal to other associated client terminals can be conqiressed, as a result of which 
the total amoimt of data transmitted over the netwoik is reduced. 

The inq>lemCTtation of the invention is based on addition of a special header to pri- 
vate packets being part of transmitted information in a network. The packets identify 
the receivers and these packets are filtered on the receiving side of the distribution 
channel, although every participating member in a communication group actually 
receives the identifiable data. This is implemented in practice using a special header 
extension which is available in the Real-time Transport Protocol standard for identi- 
fying that header extensions actually exist in the packet 

The invention is not Imiited to any particular type of data but is applicable for any 
type of information transmitted, such as for audio, video, chat, eto. 

Wifli reference to Fig 1, a schematic overview illustrates the apparatus for distribu- 
tion of a streamed signal within a group of users in a computer networic. A plurality 
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of cUent tenninals 10, 20, 30, 40 connected to a distributing globaUy connected 
con^uter networic, such as the Internet via connecting links 12, 22, 32, 42. The con- 
necting lines maybe various wired connections, but likely for use already today or 
at least in a near fixture are also wireless tninsmission technologies, such as access 
5 technology based on infrared, Bluetooth or wireless-LAN. Connection means used 
in association with the present invention win be developing with new and emerging 
access technologies. To eadi host is coupled inage capturing means 16, 26, 36, 46, 
preferably a so-called web-camera, a digital camera or a digital video camera. 
Moreover, audio capturing means 18, 28, 38, 48, in tiie form of a noicrophone ar- 
10 rangement is connected to each cHent terminal as well as filtering means 14, 24, 34, 
44. 

The cUent teraunals themselves arrange the distribution of flie data stream to other 
multicast groiq) members. This is an autonomous function between cUent terminals 

15 as soon as fee participants in a group are defined and aulhorised. There may be ar- 
ranged a central administcation entity, prefeaably hi Ae firnn of a portal handling ac- 
cessibiUty of users wilUng to participate m a multicast group of users. Necessary 
identification, authentication and authorisation of users to a group is carried out by 
means of the central administration entity, i.e. the portal mterfecmg between the en- 

20 tity and users, but a detailed description of those st^s clearly goes beyond the scope 
of this application and is tii^fore omitted here. 

With particular reference to Fig 2, parts of the previously mentioned Real-time 
Transfer Protocol (RTP) is depicted. The protocol comprises a part of the header 
25 called the extension bit When tiiis bit is determined, &e normal RTP header is fol- 
lowed by a new RTP header extension havhig a content of at least 4 bytes of data. 
This new extension header is placed between the RTP header and the RTP payload, 
which contains the actual content to be distributed, such as for example flie video 
stream of a multicast session. 
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The extension name is set to a common identifier, identifying this extension as a 
filter destination. In accordance with a prefened embodiment of the invention, the 
filter destination header is identified by Ae bytes numbered 77 and 65. The "length" 
field is flie total length of the header extimsion inchiding the first 4 bytes. Reference 
is here made to flie RTP spedfication lEIF RFCl 889 (request for comments) where 
the first 4 bytes ate defined. «v" which is fomid fer left in Fig 2 defines two bits 
primatUy intended for making changes possible within Ae header extension. «X*' 
denotes an mmsed field in the header, "cmd" is a command feat allows alternative 
use of the header extension. The reason for this possible alternative use is feat a 
stream can only contain one RTP header extension per packet if it is to conform 
wife fee RTP specification. In this case fee oommaod cmd is set to 0. "dest number" 
isfeenumberof destinations in feis particular padcet, which may be any number 
relating to fee size of fee sub-group of intended recipients, '"real payload" is tiie type 
of data being sent in tins packet. The real RTP header contains a payload type field 
and just as fee case of ofeer i^Ucations, tiieie ate not intended to be able to decode 
fee data by leaving out fee extension header. Hus extension header is originally set 
to fee origmal value of 127. This number denotes, in accordance wife tiie mentioned 
RTP specification, "unspecified" and feen includes fee real payload type. This will 
lead to applications tiiat do not interpret this header extension to dispose of fee 
packet IDl, ID2, ... are fee unique identifiers for fee intended destination, i.e. who 
fee intended reorient of tiiis packet is. 

ReaUsation of fee addition of an extension header to a data packet can be carried out 
in accordance wife fee following embodiment The saider is sending data to every- 
body in fee group, fee group by way of exan^le conqaising three users. There users 
are userl (id=10), uset2 (id=20) anduserS Ci*=30). For any reason, fee sender of 
data may be interested in sending a data packet to only '^userr and "userB'*. This is 
denoted a private audio conversation, or a so-called whisper witiiin fee group com- 
munication. The new packet is composed wife fee header extension bit set to 1 and 
header extension is added after the RTP header as previously described wife refer- 



ence to Fig 2. This extension header will comprise "dest nummet^ = 2 and *'ID1'* = 
10 and **ID2" = 30. Subsequently a packet is sent to the whole group and is received 
by all three users (userl, usei2 and user3). The second user, Le. user2 will also re- 
ceive this packet and decode die extendon header but will not find itself in the des- 
tinations list and it will therefcne dispose of the packet 

However, the other users, i.e. userl and us6r3, will decode flie extension header, 
find themselves in the destination Ust and handle the data according to tiie payload 
type defined in the "real payload" type field. 

In accordance with the present invention, software is developed in parallel with the 
apparatus for distribution of signals. The sofiwaie resides in a memory associated 
with said appaxatas. The software is designed for mstructing the hardware to carry 
out sequmtial method steps previously described in this application. 
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Claims 

1. Apparatus for <Ksta^uti<m of a steeamedsigiuawMim a 

puter network, the iisers accessing cUent teraiinals (10, 20, 30, 40) for parddpar 
tion in a multicast session, flie apparatus comprising, 

connecting links (12, 22, 32, 42) adapted to connect the client temiinab 
of useis and related equipment, such as capturing means (16, 26...; 18, 28. . .). to 
the multicast session, preferably via ttie Internet or oflier interconnecting net- 
woik, 

an extendon header b«ng added to data packets of the streamed signal. 
fbe extension header con?»rising identification datarelating to tiie intended le- 
cipient of a packet, 
characterised in that 

a filtering means (14, 24, 34. 44) associated with the receiving cUent 
adapted to filter out data packets having the address of flie recipient and leceiv- 
ii^ the streamed signaL 

2. Apparatus for distribution of a streamed signal according to claim 1. character- 
ised in that 

the tiansmittBd signal is encoded by the sending client terminal and de- 
coded by tiie intended recipirait only at the receivmg client termmal by means of 
a separately provided decryption kqr. 

3. Method for distributing a streamed signal the Internet or o&er interconnecting 
network witiiin a group of users in a computer network, the users accessing cU- 
ent tennmals (10, 20, 30, 40) for participation in a multicast session, the method 

con^rising the steps of. 

adding an extension header to data packets of the streamed signal, ihe 
extension header identifying the intended recipient of a packet, 
characteiised in that 



filtering out data packets having identification data corresponding to the 
recipient and aflowing them to pass through a filtering means (14, 24, 34, 44), 
which is associated with the recdving cUeat 

4. Computer program product for distrflialhig a sttcamedsigi^ 

users m a computer network, Ihe coo^mter program product bemg mtegrated a^^ 

transmissible between comprised units according to claims 1-2, and the com- 
puter program product being adapted for canymg out&e method steps of claim 
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Abstract 

The present mvention relates to an ^)paratns and mefliDd for distribution of a 
streamed signal within a group of users in a counter netwodc, fte users accessing 
cUent terminals (10, 20, 30, 40) for participation in a multicast session. The appara- 
tus comprises connecting links (12. 22, 32, 42) adapted to comiect the client termi- 
nals of users and related equipment, such as capturing means (16, 26. . .; 18, 28.. .), 
to the multicast session, preferably via the Internet or other interconnectmg network. 
Anextensionheader is added to data packets of the streamed signal, the extension 
header comprising identificatiott data relating to &e intended recipiait of a packet. 
Hie invention is characterised in that a filtering means (14, 24. 34, 44) is associated 
with the receiving cUent adapted to filter out data packets having flie address of flie 
recipient and receiving the streamed signal. Consequently, the existing communica- 
tion channel can be reused. 



(Fig 1 for publication) 
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